Description

A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.

Remediation

References

CVE-2021-35413

Related Vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35985)

WordPress Plugin Responsive Products Showcase Listing for WordPress-WP Product Gallery Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.1)

WordPress Plugin Ajax BootModal Login Security Bypass (1.4.3)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.18)

Liferay DXP Origin Validation Error Vulnerability (CVE-2022-25146)

Severity

High

Classification

CVE-2021-35413 CWE-707

Tags

Missing Update Known Vulnerabilities